Overview
Static: 7
dolphin-x64-5.0.exe (windows10-2004-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 7
$PLUGINSDI...LL.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
infinst.exe (windows10-2004-x64): 3
xinput1_3.dll (windows10-2004-x64): 4
xinput1_3.dll (windows10-2004-x64): 1
$TEMP/dxre...UP.dll (windows10-2004-x64): 1
$TEMP/dxre...UP.exe (windows10-2004-x64): 4
$TEMP/dxre...32.dll (windows10-2004-x64): 4
dxupdate.dll (windows10-2004-x64): 4
$TEMP/vcre...64.exe (windows10-2004-x64): 3
Dolphin.exe (windows10-2004-x64): 7
OpenAL32.dll (windows10-2004-x64): 1
Sys/GameSe...r2.ps1 (windows10-2004-x64): 1
Sys/GameSe...01.ps1 (windows10-2004-x64): 3
Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-06-2024 18:11
Static task: static1
Behavioral task behavioral1 - Sample: dolphin-x64-5.0.exe - Resource: win10v2004-20240426-en
Behavioral task behavioral2 - Sample: $PLUGINSDIR/InstallOptions.dll - Resource: win10v2004-20240508-en
Behavioral task behavioral3 - Sample: $PLUGINSDIR/LangDLL.dll - Resource: win10v2004-20240508-en
Behavioral task behavioral4 - Sample: $PLUGINSDIR/System.dll - Resource: win10v2004-20240426-en
Behavioral task behavioral5 - Sample: infinst.exe - Resource: win10v2004-20240226-en
Behavioral task behavioral6 - Sample: xinput1_3.dll - Resource: win10v2004-20240508-en
Behavioral task behavioral7 - Sample: xinput1_3.dll - Resource: win10v2004-20240508-en
Behavioral task behavioral8 - Sample: $TEMP/dxredist/DSETUP.dll - Resource: win10v2004-20240426-en
Behavioral task behavioral9 - Sample: $TEMP/dxredist/DXSETUP.exe - Resource: win10v2004-20240508-en
Behavioral task behavioral10 - Sample: $TEMP/dxredist/dsetup32.dll - Resource: win10v2004-20240508-en
Behavioral task behavioral11 - Sample: dxupdate.dll - Resource: win10v2004-20240426-en
Behavioral task behavioral12 - Sample: $TEMP/vcredist/vc_redist.x64.exe - Resource: win10v2004-20240426-en
Behavioral task behavioral13 - Sample: Dolphin.exe - Resource: win10v2004-20240426-en
Behavioral task behavioral14 - Sample: OpenAL32.dll - Resource: win10v2004-20240426-en
Behavioral task behavioral15 - Sample: Sys/GameSettings/GALE01r2.ps1 - Resource: win10v2004-20240426-en
Behavioral task behavioral16 - Sample: Sys/GameSettings/GZ2J01.ps1 - Resource: win10v2004-20240508-en
General
Target: $TEMP/dxredist/dsetup32.dll
Size: 1.5MB
MD5: d8fa7bb4fe10251a239ed75055dd6f73
SHA1: 76c4bd2d8f359f7689415efc15e3743d35673ae8
SHA256: fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8
SHA512: 73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4
SSDEEP: 24576:CIQ+ddddddddddddddxOOOOOOOOOOOOOO2iWeXiWeXiWeXiWeXiWeXiWeXiWeXi+:CIQsOOOOOOOOOOOOOO2iWeXiWeXiWeXf
Malware Config
Signatures
Drops file in Windows directory (2 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\Logs\DXError.log | rundll32.exe
  File opened for modification | C:\Windows\Logs\DirectX.log | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4972 wrote to memory of 3508 | 4972 | rundll32.exe | 83
  PID 4972 wrote to memory of 3508 | 4972 | rundll32.exe | 83
  PID 4972 wrote to memory of 3508 | 4972 | rundll32.exe | 83
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   PID: 4972
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 4972)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#1
      Signatures: Drops file in Windows directory
      PID: 3508
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 238B
  MD5: ab0e9f18854918e056cb476a51bb4343
  SHA1: 45e83cd4b3a36c6681225929a42fb1316c903d86
  SHA256: b918e9cb4ae556af2f6d2c60da0f9d824cae4ec838043b9b4ff025873dff4a2d
  SHA512: b5800b5901ac16442950cd973220e37eb0fa057d63325e5e7210d87bf7e9b7978f6a24c83a2aec0b87c5c8ba0d2eb6972a82137313dc11dbe362943ae62bbc54
File 2
  Filesize: 679B
  MD5: 53b2d68d94901159cdc2025af5c0b34e
  SHA1: a0612ad8461e3353abe939edf7ebcc1a89e01b17
  SHA256: 3aeb6c0494dbe9a05f515c1ed3c4ef5bee43ab2910d727818f7581fa9c37ef2d
  SHA512: a4f06a199003f0f170d5cb8e10599d3ba125465adef7ebadc748c4b48999034be0e9aea0b0ddda54c5a70adca15911ed5fc2786e29d8115c25667df1a9aa0d0e